samnitewarrior
asked on
Windows 2000 Permissions are hiding everything from administrators
Our windows 2000 server computer some how treats me as if I am a normal user, and all administrators and does not show any of the local drives. Not only this, it has none of the normal administrator things, such as right clicking on my computer and clicking manage, or the run button. Now I know this may seem really strange but it was this way when I started here and it was the same for the guy before me. We have 2 servers like this one, they are both citrix servers and citrix1 (licensing server) has the problem while citrix2 does not. There are ways around things… but I was wondering what could be done. I already got the shortcut to the local security policy and it is identical to the best of my knowledge to the trouble free one. That is the weird thing, I can make a shortcut to go to the c drive and access everything, and I can make a shortcut to computer management and do everything there. Is there any setting somewhere that could cause such trouble or is it the fact that it is the citrix licensing server (metaframe 1.8, yes I know its old… but there is no money). Any ideas would be most appreciated. i thought this was better suited for the Windows area becauseIi really dont think Citrix has anything to do with it. I have been wrong before though.
ASKER
Ok, i have no group policies applied to my account or the administrator account in AD so i think that part is pretty much ruled out, i am domain admin, and administrator do i have to be a local admin too?
domain admins are added to local admin group of window2000+ who join the domain.
ASKER
Good point... the guy who setup the servers is out of contact and i have tried everything i know of to try to fix it, and as best i can tell the server is identical to the one that doesnt have the problems. There must be something im missing somewhere.
have you tried the local admin account? ie dont log onto the domain? change it to log on to the local system only?
I know that there is a group policy to hide drive names but shortcuts still work.
thats why i think GP. next thing i would try is to run GPRESULT
to see whats going on. have you ever used that application?
http://www.buy.com/prod/Linksys_Wireless_G_Cable_DSL_Router_WRT54G_WRT54G/q/loc/419/10336386.html
I know that there is a group policy to hide drive names but shortcuts still work.
thats why i think GP. next thing i would try is to run GPRESULT
to see whats going on. have you ever used that application?
http://www.buy.com/prod/Linksys_Wireless_G_Cable_DSL_Router_WRT54G_WRT54G/q/loc/419/10336386.html
ASKER
No, i never used gpresult, would that need to be run as a local admin? Just out of curiosity, is there any point to the router link because we have a cisco pix and a cisco router and i have one of those at my parents house and i do not belive it could perform the tasks of both of them, nor be as reliable, or have anything to do with the question, dont mind me im just a smart ass!!! :D Anyway i will try to trun that prog and see what happens.
i dont think u have to be an admin. run from a command prompt.
send the results to a file using the command "> gp.txt" postfix. vs sending to the screen
send the results to a file using the command "> gp.txt" postfix. vs sending to the screen
ASKER
I do not really know how to interperate the results of this. But here is the output, thanks for your patience!!!
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Tuesday, November 29, 2005 at 12:49:48 PM
Operating System Information:
Operating System Type: Server
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Application Server
########################## ########## ########## ########## #######
User Group Policy results for:
CN=Joshua J. Gilmour,OU=Virtual Systems,DC=virtualsystems, DC=ws
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\jgilmour
The user is a member of the following security groups:
VIRTUALSYSTEMS\Domain Admins
\Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\TERMINAL SERVER USER
NT AUTHORITY\Authenticated Users
\LOCAL
VIRTUALSYSTEMS\Schema Admins
VIRTUALSYSTEMS\Enterprise Admins
VIRTUALSYSTEMS\SMSMSE Admins
########################## ########## ########## ########## #######
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:14:17 PM
########################## ########## ########## ########## #######
Computer Group Policy results for:
CN=CITRIX1,CN=Computers,DC =virtualsy stems,DC=w s
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
BUILTIN\Users
VIRTUALSYSTEMS\CITRIX1$
VIRTUALSYSTEMS\Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
########################## ########## ########## ########## #######
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:16:00 PM
Group Policy was applied from: dc1.virtualsystems.ws
========================== ========== ========== ========== =======
The computer received "Registry" settings from these GPOs:
Local Group Policy
Default Domain Policy
========================== ========== ========== ========== =======
The computer received "Security" settings from these GPOs:
Local Group Policy
Default Domain Policy
========================== ========== ========== ========== =======
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Default Domain Policy
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Tuesday, November 29, 2005 at 12:49:48 PM
Operating System Information:
Operating System Type: Server
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Application Server
##########################
User Group Policy results for:
CN=Joshua J. Gilmour,OU=Virtual Systems,DC=virtualsystems,
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\jgilmour
The user is a member of the following security groups:
VIRTUALSYSTEMS\Domain Admins
\Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\TERMINAL SERVER USER
NT AUTHORITY\Authenticated Users
\LOCAL
VIRTUALSYSTEMS\Schema Admins
VIRTUALSYSTEMS\Enterprise Admins
VIRTUALSYSTEMS\SMSMSE Admins
##########################
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:14:17 PM
##########################
Computer Group Policy results for:
CN=CITRIX1,CN=Computers,DC
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
BUILTIN\Users
VIRTUALSYSTEMS\CITRIX1$
VIRTUALSYSTEMS\Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
##########################
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:16:00 PM
Group Policy was applied from: dc1.virtualsystems.ws
==========================
The computer received "Registry" settings from these GPOs:
Local Group Policy
Default Domain Policy
==========================
The computer received "Security" settings from these GPOs:
Local Group Policy
Default Domain Policy
==========================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Default Domain Policy
if you increase the logging do the /? switch to see how. (dont do most verbose as its brutal!)
you will see the actual policies being applied.
you will see the actual policies being applied.
did the local settings get a applied using local security editor or gpedit.msc?
ASKER
Good idea... i did verbose mode not super verbose, im not sure what i should be looking for yet though, i see what things are applied but does this tell me what does what? like what i need to disable?
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Tuesday, November 29, 2005 at 1:08:25 PM
Operating System Information:
Operating System Type: Server
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Application Server
########################## ########## ########## ########## #######
User Group Policy results for:
CN=Joshua J. Gilmour,OU=Virtual Systems,DC=virtualsystems, DC=ws
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\jgilmour
The user is a member of the following security groups:
VIRTUALSYSTEMS\Domain Admins
\Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\TERMINAL SERVER USER
NT AUTHORITY\Authenticated Users
\LOCAL
VIRTUALSYSTEMS\Schema Admins
VIRTUALSYSTEMS\Enterprise Admins
VIRTUALSYSTEMS\SMSMSE Admins
The user has the following security privileges:
Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Increase quotas
Remove computer from docking station
Impersonate a client after authentication
Create global objects
########################## ########## ########## ########## #######
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:14:17 PM
########################## ########## ########## ########## #######
Computer Group Policy results for:
CN=CITRIX1,CN=Computers,DC =virtualsy stems,DC=w s
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
BUILTIN\Users
VIRTUALSYSTEMS\CITRIX1$
VIRTUALSYSTEMS\Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
########################## ########## ########## ########## #######
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:16:00 PM
Group Policy was applied from: dc1.virtualsystems.ws
========================== ========== ========== ========== =======
The computer received "Registry" settings from these GPOs:
Local Group Policy
Revision Number: 4
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Default Domain Policy
Revision Number: 9
Unique Name: {31B2F340-016D-11D2-945F-0 0C04FB984F 9}
Domain Name: virtualsystems.ws
Linked to: Domain (DC=virtualsystems,DC=ws)
The following settings were applied from: Local Group Policy
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS
ValueName: EFSBlob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS\Certi ficates\51 73973ABC58 D8475B3F2E EEDFD0797A C366ECF5
ValueName: Blob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS\CRLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS\CTLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
The following settings were applied from: Default Domain Policy
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS
ValueName: EFSBlob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS\Certi ficates\72 E4D9C64B65 4FCE194241 AE37791A7E 74B658B9
ValueName: Blob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS\CRLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
KeyName: Software\Policies\Microsof t\SystemCe rtificates \EFS\CTLs
ValueName:
ValueType: REG_NONE
Value: This key contains no values
========================== ========== ========== ========== =======
The computer received "Security" settings from these GPOs:
Local Group Policy
Revision Number: 4
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Default Domain Policy
Revision Number: 9
Unique Name: {31B2F340-016D-11D2-945F-0 0C04FB984F 9}
Domain Name: VIRTUALSYSTEMS.WS
Linked to: Domain (DC=virtualsystems,DC=ws)
Run the Security Configuration Editor for more information.
========================== ========== ========== ========== =======
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Revision Number: 4
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Default Domain Policy
Revision Number: 9
Unique Name: {31B2F340-016D-11D2-945F-0 0C04FB984F 9}
Domain Name: virtualsystems.ws
Linked to: Domain (DC=virtualsystems,DC=ws)
Additional information is not available for this type of policy setting.
Microsoft (R) Windows (R) 2000 Operating System Group Policy Result tool
Copyright (C) Microsoft Corp. 1981-1999
Created on Tuesday, November 29, 2005 at 1:08:25 PM
Operating System Information:
Operating System Type: Server
Operating System Version: 5.0.2195.Service Pack 4
Terminal Server Mode: Application Server
##########################
User Group Policy results for:
CN=Joshua J. Gilmour,OU=Virtual Systems,DC=virtualsystems,
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
Roaming profile: (None)
Local profile: C:\Documents and Settings\jgilmour
The user is a member of the following security groups:
VIRTUALSYSTEMS\Domain Admins
\Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\TERMINAL SERVER USER
NT AUTHORITY\Authenticated Users
\LOCAL
VIRTUALSYSTEMS\Schema Admins
VIRTUALSYSTEMS\Enterprise Admins
VIRTUALSYSTEMS\SMSMSE Admins
The user has the following security privileges:
Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Increase quotas
Remove computer from docking station
Impersonate a client after authentication
Create global objects
##########################
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:14:17 PM
##########################
Computer Group Policy results for:
CN=CITRIX1,CN=Computers,DC
Domain Name: VIRTUALSYSTEMS
Domain Type: Windows 2000
Site Name: Default-First-Site-Name
The computer is a member of the following security groups:
BUILTIN\Administrators
\Everyone
BUILTIN\Users
VIRTUALSYSTEMS\CITRIX1$
VIRTUALSYSTEMS\Domain Computers
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
##########################
Last time Group Policy was applied: Tuesday, November 29, 2005 at 12:16:00 PM
Group Policy was applied from: dc1.virtualsystems.ws
==========================
The computer received "Registry" settings from these GPOs:
Local Group Policy
Revision Number: 4
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Default Domain Policy
Revision Number: 9
Unique Name: {31B2F340-016D-11D2-945F-0
Domain Name: virtualsystems.ws
Linked to: Domain (DC=virtualsystems,DC=ws)
The following settings were applied from: Local Group Policy
KeyName: Software\Policies\Microsof
ValueName: EFSBlob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof
ValueName: Blob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof
ValueName:
ValueType: REG_NONE
Value: This key contains no values
KeyName: Software\Policies\Microsof
ValueName:
ValueType: REG_NONE
Value: This key contains no values
The following settings were applied from: Default Domain Policy
KeyName: Software\Policies\Microsof
ValueName: EFSBlob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof
ValueName: Blob
ValueType: REG_BINARY
Value: Binary data. Use the /S switch to display.
KeyName: Software\Policies\Microsof
ValueName:
ValueType: REG_NONE
Value: This key contains no values
KeyName: Software\Policies\Microsof
ValueName:
ValueType: REG_NONE
Value: This key contains no values
==========================
The computer received "Security" settings from these GPOs:
Local Group Policy
Revision Number: 4
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Default Domain Policy
Revision Number: 9
Unique Name: {31B2F340-016D-11D2-945F-0
Domain Name: VIRTUALSYSTEMS.WS
Linked to: Domain (DC=virtualsystems,DC=ws)
Run the Security Configuration Editor for more information.
==========================
The computer received "EFS recovery" settings from these GPOs:
Local Group Policy
Revision Number: 4
Unique Name: Local Group Policy
Domain Name:
Linked to: Local computer
Default Domain Policy
Revision Number: 9
Unique Name: {31B2F340-016D-11D2-945F-0
Domain Name: virtualsystems.ws
Linked to: Domain (DC=virtualsystems,DC=ws)
Additional information is not available for this type of policy setting.
ASKER
I was not the one to setup the computer, i have managed all the other ocmputers and users with ad group policies and security policies. I was not the one to setup the servers... so i dont know how they applied this annoying policy... probably the guy 3 guys back who didnt know where the power button was pretyt much.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Wow... they need to fix the heater here i keep blacking out... i feel fine once i leave... wierd... anyway i have been trying to read that stuff but my mind is not working.
hehe... i know that feeling.
reading some ms KB article making me feel the same way
reading some ms KB article making me feel the same way
ASKER
There... took a "smoke" break... smokers can go stand otuside and smoke 100x a day for 10 minutes a pop... why cant i go and stand outside without a cigarette!!! anyway, will let you know soon, i am no longer seeing these little star thigns buzzing around my head!!! I wonder if it is an actuall physical ailment, or if i am stressed, i do know i show all the classic signs of burn out!!!
make a user that does not have these restrictions applied. in general you want these on a citrix server with the exception of an admijnitrator account.